{"containers":{"cna":{"affected":[{"product":"Odoo Community","vendor":"Odoo","versions":[{"lessThanOrEqual":"13.0","status":"affected","version":"unspecified","versionType":"custom"}]},{"product":"Odoo Enterprise","vendor":"Odoo","versions":[{"lessThanOrEqual":"13.0","status":"affected","version":"unspecified","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Martin Trigaux"},{"lang":"en","value":"Alexandre Diaz"}],"descriptions":[{"lang":"en","value":"Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-12-22T16:25:38.000Z","orgId":"22c90092-d340-4fb8-a06e-f1193e012523","shortName":"odoo"},"references":[{"tags":["x_refsource_MISC"],"url":"https://github.com/odoo/odoo/issues/63711"}],"source":{"advisory":"ODOO-SA-2020-12-02","discovery":"EXTERNAL"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@odoo.com","ID":"CVE-2019-11786","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Odoo Community","version":{"version_data":[{"version_affected":"<=","version_value":"13.0"}]}},{"product_name":"Odoo Enterprise","version":{"version_data":[{"version_affected":"<=","version_value":"13.0"}]}}]},"vendor_name":"Odoo"}]}},"credit":[{"lang":"eng","value":"Martin Trigaux"},{"lang":"eng","value":"Alexandre Diaz"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-284 Improper Access Control"}]}]},"references":{"reference_data":[{"name":"https://github.com/odoo/odoo/issues/63711","refsource":"MISC","url":"https://github.com/odoo/odoo/issues/63711"}]},"source":{"advisory":"ODOO-SA-2020-12-02","discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T23:03:32.888Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/odoo/odoo/issues/63711"}]}]},"cveMetadata":{"assignerOrgId":"22c90092-d340-4fb8-a06e-f1193e012523","assignerShortName":"odoo","cveId":"CVE-2019-11786","datePublished":"2020-12-22T16:25:38.000Z","dateReserved":"2019-05-06T00:00:00.000Z","dateUpdated":"2024-08-04T23:03:32.888Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}